German Court Says Facebook Not Subject to German Law

Facebook may be gaining ground in its struggle against German authorities. In a preliminary ruling, the state of Schleswig-Holstein’s Administrative Court has rejected penalties against Facebook Inc. and Facebook Ireland, stating that the social network is not subject to German law. The Schleswig-Holstein state data protection authority (the ULD) started enforcement proceedings against the social media giant in December 2012, when the ULD ordered Facebook to stop enforcing its real-name policy and to allow users to sign up using pseudonyms. The ULD argued that Facebook’s real-name policy violates the data protection provisions of the Telemedia Act (TMG), which provide a right to use electronic information and communication services anonymously, and threatened EUR 200,000 fines (approx. $260,140). Facebook opposed the fines.

In preliminary hearings, the court accepted Facebook’s argument that Facebook’s policies were subject to Irish, not German law. First, the court stated that the choice of German law in the Facebook terms of use did not result in the application of German data protection law. The court also ruled that the fact that Facebook was incorporated in Germany did not trigger application of German law because Facebook Germany GmbH was a mere marketing agent and not involved in the processing of the user data in question. The court concluded that Irish law applied because user data were processed through Facebook’s subsidiary in Ireland.

The court’s holding is in contrast to the December 2011 Opinion of the Düsseldorfer Kreis, Germany’s consortium of state data protection regulators. The Düsseldorfer Kreis held that online social networks that target users in Germany are subject to German law. In particular, social networks that target and collect personal data from users located in Germany via computers and devices located in Germany must comply with German law. Based on the language in the German Federal Data Protection Act, the December 2011 Opinion stated that another European Economic Area (EEA) member state’s law may not take precedence over German law unless there is a sole data controller in the other EEA state.

The Schleswig-Holstein’s Administrative Court, however, drew different conclusions and ruled that the applicable law rules in the German data protection law had to be interpreted in light of the Data Protection Directive. Consistent with the Irish Data Protection Commissioner’s assessments, the court concluded that Facebook had a permanent establishment in Ireland and that the Irish subsidiary was processing the user data (the “other” controller). German law did not apply where there is another controller in the EEA processing the data in question, and where there was no processing of the data through an establishment in Germany. Rather, Irish law applied, even where Facebook Inc. acted as a joint or sole controller, and even where the data were hosted—i.e., physically located—in the U.S.

The court went on to hold that the ULD did have enforcement rights to ensure Facebook’s compliance with the applicable Irish data protection laws, but noted that there was no equivalent, explicit right to anonymous use of electronic information and communication services in Ireland, in contrast to Section 13 of the TMG which establishes that explicit right for citizens in Germany.

In a February 15 press release, ULD president Thilo Wichert objected vociferously to the court’s decision. The ULD plans to challenge the finding in the full proceedings following the preliminary ruling.

About Socially Aware

Social media sites are transforming not only the daily lives of consumers, but also how companies interact with consumers. Here at Morrison & Foerster, across all of our practice groups, we are seeing complex, cutting-edge legal issues arising out of social media. As with the Internet boom during the mid-to-late 1990s, social media is generating new legal questions at a far faster pace than the law’s ability to provide answers to such questions. In an effort to stay on top of these emerging issues, and to keep our clients and friends informed of new developments, Morrison & Foerster publishes this blog devoted to the law and business of social media.

Stay Connected

About MoFo

We are Morrison & Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, Fortune 100, technology and life science companies. We’ve been included on The American Lawyer’s A-List for 12 straight years, Chambers Global named MoFo its 2013 USA Law Firm of the Year, and Chambers USA named the firm both its 2013 Intellectual Property and Bankruptcy Firm of the Year. In addition, BTI named MoFo among its 2013 Brand Elite. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.

The views expressed herein shall not be attributed to Morrison & Foerster, its attorneys or its clients.